tis 2009-09-22 klockan 00:15 -0500 skrev Dale Mahalko: > * doesn't require the users to remember a name and password to use > the proxy, and does an auto-login so I can identify the user in the > proxy access logs > > * uses password encryption to prevent sniffing of passwords on the network For the above you need NTLM or kerberos. basic auth can't fulfill any of the above two.. digest auth only fulfills the second with most browsers. Haven't seen them allowing the proxy password to be saved in the browser. but on the positive side the Squid digest helper do have eDirectory integration making it possible to log in to the proxy using the same password as in eDirectory/NDS. > At this point I would be happy with sticking a small program in each > user's Windows roaming profile account that loads when they login and > does the authentication for them, whenever they try to use the proxy. That's doable. And maybe doesn¨t even need any extra program, but it will be done by tying the user identity to the IP of his station. If your NDS/eDir server already keep track of who is logged on at what client IP then all you need is to query this via an external acl, returning the username to Squid. > There is apparently no formal name for doing this sort of user-login > though so I can't search for examples of anyone doing it since I don't > know what to call it. Maybe: "Windows helper application squid > authentication"? Such out-of-band methods with Squid is not authentication, just identification. Regards Henrik
